Link: https://info.cygnvs.com/resources/insights/credit-unions-versus-inevitable-cyber-attacks
Credit unions deal with troves of sensitive financial information and Personally Identifiable Information (PII). This makes them a prime target for cybercriminals. A recent report by Arctic Wolf highlighted an alarming statistic: financial services firms are 300 times more likely to face cyber-attacks, with an average breach cost of $5.9 million USD.

A breach in a credit union's security can lead to severe consequences. These extend beyond mere financial losses, like fraudulent spending and the cost of replacing debit cards. They also include revenue loss due to downtime and damage to their reputation. This damage often results in lost members. The aftermath of such incidents can be especially catastrophic for smaller credit unions, potentially jeopardizing their continued existence.

Challenges Faced by Credit Unions

Credit unions often operate insufficient and outdated technology. This can make them susceptible to cyber threats. Darrin Johnson, MD of Cybersecurity Services at Progent, a managed security service provider, observed multiple instances where PII and sensitive information were left on outdated, unpatched servers. Furthermore, Joshua Marpet, IAN Faculty advisor and CMMC author, found that many credit union technology inventories are not adequately updated. This leaves them vulnerable to end-of-life systems still being utilized.

Managing Third Party Risk

Credit unions often leverage third parties to enhance the features and functionality offered to their members. Threat actors see this as an easy way to carry out cyber-attacks. This type of susceptibility was highlighted recently when ransomware infected 60 credit unions through a vulnerability in a third-party IT vendor (CVE-2023-4966). This disrupted operations and highlighted the credit unions' exposure to third-party risks.
Redefining Cyber Resilience for Credit Unions

Recognizing the challenges credit unions face, the National Credit Union Association (NCUA) advises credit unions to adopt a proactive approach. The NCUA's suggested measures include patching vulnerabilities, implementing MFA (Multi-Factor Authentication), conducting security awareness training, enhancing email security, and establishing an incident response plan.

CYGNVS takes it a step further—it’s not just about having a plan; it’s about having a dynamic response plan. It should be available and easily accessible even if your network is compromised and your files are encrypted by a threat actor. Cybersecurity MDR company Critical Start says that “preparing for potential breaches, credit unions can bolster their defenses and safeguard the financial well-being of their members.”

CYGNVS enables credit union cybersecurity teams to actively participate in and respond to simulated cyber threats in the same place they will ultimately fight from. This approach helps you identify and update your response playbooks on the fly. It also gives your team the muscle memory needed to respond to cyber-attacks.

Staying Compliant

Credit unions must comply with regulations, adding complexity to incident response efforts. These standards are constantly under review and revised to keep up with evolving technologies. The NCUA says that “all federally insured credit unions must notify the NCUA as soon as possible, and no later than 72 hours after the credit union reasonably believes it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident.”

CYGNVS not only assists in complying with existing regulations but also adapts to evolving standards. CYGNVS’ incident command center offers a single pane of glass to ensure all the necessary steps have been taken and completed.
This helps accelerate response timelines, allowing companies to meet their regulatory requirements to report within a given timeframe. The true test of preparedness arises when a team can demonstrate that their organization can confidently execute a response plan swiftly and effectively.

The CYGNVS Advantage

Navigating a cyber incident can become complex with the involvement of numerous stakeholders, including the general counsel, CISO, C-suite executives, operations, security, incident response teams, crisis communications and PR agencies, as well as third-party providers like outside counsel, forensics, crisis communications, etc. In the event of a cyber incident, CYGNVS provides a secure, out-of-band place to not only swiftly respond to the cyber-attack, but also to report the incident in the required timeframe.

With the CYGNVS platform’s Dynamic Tenancy™ capability, you gain access to a secure place where you can effectively collaborate both internally and externally, with fine-grained access control across all users. CYGNVS provides a fortified environment for real-time information sharing, communication, and collaboration between internal and third-party teams. Additionally, CYGNVS’ patented Isolate Mode™ raises the drawbridge to your company data, ensuring that only stakeholders with the right privileges can communicate and collaborate on the platform, preventing threat actors from gaining access to your response strategy.
Link: https://info.cygnvs.com/resources/insights/buckle-up-cygnvs-cybersecurity-predictions-for-2024
Strap in and prepare for a wild ride in 2024, as it is already shaping up to be a pivotal cybersecurity year. Bolstered by generative AI (Artificial Intelligence), ransomware uptrends, evolving regulations, and a booming cybercriminal economy, threat actors have more resources to launch detrimental attacks on organizations of all sizes.

“In 2024, we will witness a heightened emphasis on preparedness and response, spurred by impending SEC regulations and the recognition of an ever-evolving threat landscape, where adversaries often outpace our defenses with new challenges. As we approach 2024, I am reminded of a 2,000-year-old lesson from Epictetus: ‘It's not what happens to you, but how you respond’ – a timeless wisdom that resonates now more than ever,” says Kevin Gaffney, CTO at CYGNVS.

According to Cybersecurity Ventures, global cybercrime costs are projected to grow by 15% annually over the next two years, reaching a staggering $9.5 trillion in 2024 and $10.5 trillion by 2025. To help organizations brace for what lies ahead, our team of cybersecurity experts at CYGNVS share five trends expected in the coming year:
Link: https://www.darkreading.com/vulnerabilities-threats/3-most-prevalent-cyber-threats-holidays
Chaos and volume of holiday season sales make a perfect storm of threat opportunity. Companies need to prepare — and practice! — action plans, identify key stakeholders, and consider cyber insurance.

As many of us deck the halls, some folks are dealing with the cybersecurity holiday season — that perilous time of year rife with breaches, attacks, and threats in far greater frequency than at any other time of year. Salesforce forecasts 4% global and 1% US year-over-year online sales growth across November and December — reaching $1.19 trillion and $273 billion, respectively. The surge in cyber business is a welcome challenge to any organization, with many generating the highest volume of sales per month during those few months.

The chaos and volume of the holiday season don't only affect retail organizations. Partners, developers, manufacturers, supply chain, technology providers, communication providers, transportation, support systems, and more are involved in orchestrating a smooth, successful holiday shopping season. These organizations all rely on technology to create, sell, supply, transport, and collaborate. The impact of the season is broad and wide, with connections that span organizations.

For Threat Actors, That Translates to Opportunity

The increased threat activity isn't just due to the volume of business being transacted over technology. There is a perfect storm brewing during that season — a culmination of complexity, resource constraints, and vulnerabilities. Three threats are most prevalent during the holiday season:
For businesses aiming to enhance their preparedness, I suggest taking a few crucial steps.
Link: https://medium.com/authority-magazine/alex-waintraub-of-cygnvs-on-why-the-us-government-is-getting-serious-about-medical-device-2e05e4588551
In an era where technology is revolutionizing healthcare, medical devices — from pacemakers to insulin pumps to hospital imaging machines — are becoming increasingly interconnected. While these advancements offer unprecedented benefits, they also expose healthcare systems and patients to new cybersecurity risks. Cyberattacks on medical devices can result in compromised patient safety, data breaches, and even loss of life. Acknowledging the gravity of the issue, the US Government is ramping up its focus on medical device cybersecurity through regulations, initiatives, and collaborations with industry stakeholders. As a part of this series, we had the pleasure of interviewing Alex Waintraub of CYGNVS.

Alex Waintraub is a cyber security professional and currently the DFIR Expert Evangelist. With over a decade of experience in IT, Security Operations, and DFIR, he possesses in-depth knowledge of security analytics, leadership qualities, and the ability to work with small- or large-scale cyber security teams. He has been a part of cybersecurity operations for several global retail, commercial, financial, and technology enterprises. He graduated with a bachelor’s in Information Technology and Network Security from NYIT.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about CYGNVS and your role at the company?

Absolutely. CYGNVS is the Latin word for swan. Cyber breaches are common, but cyber crises are black swan events for most organizations. In the age of evolving technology, we know it’s no longer a matter of if a cyber incident can happen — but when. Moreover, the World Economic Forum found that 95% of cybersecurity breaches are caused by human error. The CYGNVS Cyber Crisis Command Center was created to bridge a critical gap in preparedness with a solution that provides a safe, secure, and guided space to swiftly work through a cyber crisis.
I am a Digital Forensics and Incident Response (DFIR) professional at CYGNVS. In my role, I lead security operations for our clients to build incident response plans while triaging, validating, and defending against escalations for a range of security incidents.

Are you working on any exciting new projects now? How do you think that will help people?

We are always working on new innovations to provide organizations with a safe space during the stressful moments of a cyber incident. We built the CYGNVS platform to be a safe harbor by creating an out-of-band system that acts as a secure and separate “war room” to get them back on their feet to safety. We’re extending that secure and out-of-band approach to our incident command center, enabling connection with an ecosystem of trusted experts while allowing organizations to maintain ownership of their sensitive data. Additionally, we’ve enabled legal teams to generate comprehensive regulatory and compliance reports that include incident timelines, risk assessments and other critical data points that are protected and accessible only to designated participants. Through our out-of-band incident command center, lawyers, forensics specialists, insurers, and other expert consultants are available with a click to help businesses respond and recover during a crisis.

Ok, thank you. Let’s now move on to our main topic. For the uninitiated, can you explain the nature and scope of cybersecurity threats to modern medical devices? How significant is the risk in comparison to other sectors?

Of course. When we talk about medical devices, we refer to various technologies, from simple thermometers to complex machines like MRI scanners. All these devices, big and small, are susceptible to cybersecurity threats. Additionally, the interconnected nature of these devices in a healthcare setting amplifies the risk.
For instance, a basic device like a tongue depressor may not pose a cyber threat, but devices involved in treatments connected to remote systems or the cloud can be vulnerable. Cyber threats in healthcare are significant due to the potential for remote interference, data breaches, and the interconnectedness of devices that can cause a domino effect if one system goes down. The risk is substantial, especially when considering the potential impact on patient safety and the integrity of healthcare systems.

Threat actors are typically attracted to critical healthcare data, often for the implications of potential financial gain. Research has found that 86% of breaches are financially motivated, and 10% are motivated by espionage. According to the American Hospital Association, healthcare organizations are particularly targeted by cyber-attacks because they possess large amounts of high-value information.

Take the 2017 WannaCry ransomware attack, for example. The widespread attack infected 230,000 computers across 150 countries in just hours. The attack also targeted the U.K.’s National Health Service systems, causing cascading issues, including delays in non-urgent surgeries, canceled patient appointments, and the inability to access patient records.

Could you highlight some key regulations or initiatives that the US Government has introduced or proposed specifically targeting medical device cybersecurity? How have these been received by industry stakeholders?

To address recent breaches within the industry, the 2023 omnibus package signed by President Biden requires device manufacturers to provide key cybersecurity information to the FDA before market release. The FDA, in response, has implemented legally binding guidelines and received a $5 million boost to enforce these rules. With these regulations in place, manufacturers must prove their ability to address cybersecurity vulnerabilities post-market release, including patching and vulnerability disclosures.
Industry stakeholders, such as the Medical Imaging & Technology Alliance, have generally welcomed the FDA’s flexibility in implementing these cybersecurity provisions. This underscores the necessity for manufacturers and healthcare providers to proactively plan for potential cyber threats. Implementing a secure out-of-band incident command center is crucial for rehearsing responses to potential cybersecurity incidents.

From a manufacturer and healthcare provider perspective, what are the most pressing challenges in adapting to and complying with these cybersecurity regulations? Are there any unforeseen hurdles they’ve had to navigate?

While these regulations are necessary, they do pose new challenges for manufacturers and healthcare providers. Some of the most prominent issues include updating devices with outdated operating systems, addressing known vulnerabilities, and ensuring the connectivity and interoperability of devices. The industry as a whole faces the need for additional staff to review cybersecurity information, the development of programs to respond to vulnerabilities, and the release of comprehensive guidance. Plus, requiring a software bill of materials and external testing adds transparency but may be a bit tricky to put into action.

With regulations becoming more stringent, do you think this might impede or slow down the innovation of medical devices? How are manufacturers ensuring both security and the continuous advancement of medical technology?

While stringent regulations aim to enhance cybersecurity, there’s a concern about their impact on the pace of innovation. The FDA’s decision not to outright reject new device applications, instead working with sponsors to address deficiencies until October, reflects a balance between security and innovation. Manufacturers need to find a middle ground, ensuring the continuous advancement of medical technology while meeting cybersecurity standards.
Collaboration between industry stakeholders and regulatory bodies is crucial to strike this balance.

What are your “5 Things Everyone Should Know About Medical Device Cybersecurity?”
My prediction is that there will be a significant focus on advancing medical device security through the integration of encryption, blockchain for data integrity, and AI-driven threat detection. Manufacturers and healthcare providers must strategically plan for the seamless incorporation of these advancements into their response plans. Secure collaboration among stakeholders, including manufacturers, healthcare providers, and regulators, will be crucial in creating a collective defense against emerging cyber threats.

Continuous planning, preparation, and a secure out-of-band area to communicate with internal and external providers to ensure rapid response will be crucial for any business. Even more so, a secure place to track an incident response and report to regulatory bodies will be key. I predict this will become standard practice as more organizations understand that a proactive and resilient approach is the best way to safeguard patient health and data.

This was very inspiring and informative. Thank you so much for the time you spent on this interview!

About The Interviewer: David Leichner is a veteran of the Israeli high-tech industry with significant experience in the areas of cyber and security, enterprise software and communications. At Cybellum, a leading provider of Product Security Lifecycle Management, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s product and market penetration. Prior to Cybellum, David was CMO at SQream and VP Sales and Marketing at endpoint protection vendor, Cynet. David is a member of the Board of Trustees of the Jerusalem Technology College. He holds a BA in Information Systems Management and an MBA in International Business from the City University of New York.
Insider threats and the talent gap: What are organizations missing in their cybersecurity defense?
10/24/2023
Link: https://info.cygnvs.com/resources/insights/insider-threats-and-the-talent-gap-what-are-organizations-missing-in-their-cybersecurity-defense
Large and small organizations alike are highly susceptible to insider threats. And it’s even harder to prevent them with the lack of internal oversight brought on by a talent gap in the cybersecurity industry.

In this article, let’s take a look at some common types of insider threats that your organization is likely to fall victim to, and how the talent gap increases your vulnerability. From there, we’ll share strategies for leveraging technology to help you reduce the likelihood of having your data stolen by an insider threat – and discuss how you can recover quickly if it happens to you.

What is an Insider Threat?

An insider threat is a cybersecurity risk that originates from inside the organization, arising from an individual with a level of authorized access or data visibility within your environment – and the cause can be either malicious or unintentional.

In a malicious insider threat, an individual is knowingly causing harm to a business. In some cases, employees or contractors are being paid by third-party groups to grant them access to confidential data within corporate environments, as the hacking group Lapsus$ famously did to gain access to data at Microsoft and other companies. In this case, Lapsus$ was able to gain contacts all over the world, as they were able to purchase access credentials from individuals who were frustrated with their companies, enabling the threat actor to log in and cause damage before the company realized anything was amiss.

Other malicious acts may be caused by employees who are whistleblowers and are deliberately stealing and exposing data to show corporate malfeasance, or those trying to enact revenge on the company to settle a grievance.

Other insider threats are unintentional in nature and take place as a result of social engineering by a threat actor.
For example, the employee may click on a phishing link where they’ll enter their corporate account credentials, or they may give confidential information to someone who is posing as an internal authority, such as the company CEO. Phishing attacks are one of the most common types of cybercrime, with 92% of organizations falling victim to phishing attacks in 2022, a 29% increase from the year before. In these situations, the employee had no malicious intent, but the end result is no less devastating.

Insider threats of all types can lead to devastating business losses, including business disruption, reputation damage, intellectual property theft, legal liabilities to stakeholders whose data was leaked, and remediation costs. The average total cost of a data breach in 2023 was $4.45 million.

The Cybersecurity Skills Gap

Amplifying the insider threat problem, many organizations are also facing a significant cybersecurity skills gap. Only 44% of business leaders and 46% of cyber leaders say that their organizations have the people and skills they need today for adequate cybersecurity defense. In fact, 3.4 million cybersecurity experts are needed globally to support today’s digitized economy.

Recruiting is a challenge, and employers struggle to retain highly qualified cybersecurity staff: Gartner predicts that nearly half of all cybersecurity leaders are likely to change jobs due to job-related stresses by 2025. When turnover happens, important institutional knowledge is lost, and organizations are more susceptible to phishing attempts and other types of cyber attacks. Organizations are also likely to hire more underqualified employees, who will take time to build the necessary skills to establish and maintain a strong cybersecurity posture for the business.

Fortunately, bringing in the right technology solutions can help you reduce the negative consequences of shortfalls on your cybersecurity team.
How CYGNVS can help

Leveraging a best-in-class cybersecurity incident response platform like CYGNVS gives you the tools to overcome staffing shortages by helping you identify and respond to cybersecurity incidents. CYGNVS offers a secure, out-of-band communications platform where your organization can:
Learn more about using CYGNVS to manage your response to insider threats. Visit us at CYGNVS.com or get a demo today.
Link: https://info.cygnvs.com/resources/insights/7-key-takeaways-from-the-2023-black-hat-conference
The Black Hat Conference in Las Vegas has been one of the most important cybersecurity conferences for decades, recently celebrating its 26th year in existence. It provides a great networking opportunity and a chance to hear from cybersecurity thought leaders in all different industries, with training sessions and trend analysis on some of the biggest hot-button issues in the cybersecurity sector today. The conference also provided an opportunity to visit different vendor booths and learn more about new solutions in the cybersecurity landscape. Naturally, several members of the CYGNVS team were in attendance to get the lay of the land. Here are some of my key takeaways from the event:
Recent high-profile ransomware attacks have showcased the destructive consequences of cyber incidents, serving as a stark reminder of the devastating impact they can inflict on businesses across all sectors. In recent headlines, large enterprises have fallen victim to relentless ransomware attacks, sending shockwaves throughout all industries. These distressing events have unmistakably emphasized the necessity for businesses of all sizes and standings to strengthen their cybersecurity measures, to prepare and practice, and to start readying themselves for a cyber crisis. The increasing frequency of large-scale ransomware attacks on even well-established enterprises serves as a crucial reminder that the threat of cyberattacks looms over all companies, sparing none.
Connecting the Dots

The recent surge in ransomware attacks against well-established and highly reputable organizations serves as a grim reminder of the ever-present danger of cyberattacks. These incidents not only disrupt operations but also leave indelible scars, manifesting as substantial financial losses and enduring damage to a company's reputation.

The Unpreparedness Triad

When it comes to cyber crises like ransomware incidents, there are three significant challenges that most organizations are unprepared for. These challenges can make the difference between a minor disruption and a catastrophic event:
Alex Waintraub

Alex Waintraub is a seasoned cybersecurity professional with over a decade of experience in IT, Security Operations, and DFIR. He excels in security analytics and leads both small and large-scale cybersecurity teams. For the past decade, Alex has specialized in managing security operations, including triage, validation, and escalation of incidents. His expertise spans SOC enhancements, Incident Response Plans, ransomware negotiations, threat hunting, and intelligence operations. He delivers robust cybersecurity services to global clients across multiple industries and speaks at national conferences and his NJ Cyber Fireside Chat (cyberfiresidenj.com).